Spyware has become a serious security problem for users of Microsoft's operating system over the past years, giving rise to a host of third-party tools to fight the insidious software. But perhaps the best defensive program has yet to ship, some analysts believe.
Microsoft later this year plans to release Windows Vista, the long-awaited successor to Windows XP. The operating system is being designed to shut the door on spyware. It will introduce important changes at the heart of the operating system, as well as to Internet Explorer, and include Windows Defender, an anti-spyware tool.
"The spyware threat will definitely shrink or shrivel" as Vista gets adopted, said John Pescatore, an analyst with Gartner. "We got a handle on spam. It still gets through, but it is such a small percentage now, we know how to deal with what gets through. That same thing will happen to spyware. It will be under control."
While Microsoft was working on Vista, spyware grew into a security nightmare. Experts believe the malicious software, which pops up ads on screens or spies on PC users, has been surreptitiously put on more than three-quarters of PCs. In an FBI survey published earlier this year, 80 percent of businesses reported spyware trouble, making it the most common security woe after viruses, worms and Trojan horses.
Every new version of Windows offers some security improvements, but Vista more so, said Rob Enderle, an analyst with the Enderle Group. "Vista, because it was pretty much conceived during the toughest times for Microsoft with regards to malicious software, has the most protection in it compared to any of their platforms," he said.
Spyware and its less-noxious cousin adware are widely despised for their sneaky distribution tactics, unauthorized data gathering and slowing of PCs. The unwanted software does not typically land on a computer the way a virus or a worm does. Instead, it creeps onto a system by tricking the user into clicking on a malicious link on a Web site or in an instant message. Alternatively, the distributor may secretly bundle it with an innocuous application that the user does want, such as a free application for file sharing.
Though spyware has been able to haunt users of XP, it won't be as easy for miscreants to get their malicious software onto machines that run Vista, said Austin Wilson, a director in the Windows Client group at Microsoft.
Vista takes on spyware
Microsoft is taking a three-pronged approach with Windows Vista to reduce the threat of spyware.
User Account Control
By default, Windows Vista will run with fewer user privileges. The privileges control how a user can interact with the software. Most Windows XP users have "administrator" privileges, which could be abused by malicious software to install itself on a computer.
In Windows Vista, users will have to invoke administrator rights to perform certain tasks, such as installing software.
Internet Explorer 7
IE 7 will run in "protected mode." This mode will prevent silent
installs of malicious software by stopping the Web browser from writing
data anywhere on the PC except in a temporary files folder without first seeking permission.
Windows Defender
Microsoft's anti-spyware tool will block and clean up any infections that do make it through. The tool scans for spyware, adware, rootkits and other malicious code, but does not include antivirus technology.
"We have taken out a significant number of the attack vectors that spyware authors use today," said Austin Wilson, a director in the Windows Client group at Microsoft. "We're not saying that spyware will be gone because of Windows Vista. We do think we will make a significant impact."
Microsoft is taking a multipronged approach to fight spyware. Unlike XP, Vista will run by default with fewer user privileges. People will have to invoke full, "administrator," privileges to perform tasks such as installing an application.
Also, Internet Explorer 7, included with Vista, will prevent silent installs of malicious code by stopping the browser from writing data anywhere except in a temporary files folder without first seeking permission. Lastly, Windows Defender will clean up any infections that do make it through.
"It is three layers of protection," Wilson said.
While this may be good news for buyers of Vista, it is not for anyone who makes a living from selling anti-spyware software. The worldwide market has boomed recently, reaching $97 million in revenue in 2004, up 240.4 percent from a year earlier, according to IDC. However, companies such as Webroot Software and Sunbelt Software are in for tough times, analysts said.
"The aftermarket for Windows anti-spyware is going to dry up almost completely," said Yankee Group analyst Andrew Jaquith. "Windows Defender is going to become the default anti-spyware engine, certainly for most consumers that have Vista machines."
Gartner's Pescatore agreed. "Integrating Windows Defender into Windows Vista is sort of the last nail into the standalone anti-spyware coffin," he said.
But the anti-spyware market won't disappear overnight. Vista will ship at the end of 2006, and users aren't likely to instantly buy a new PC or upgrade. "You will have a two-to-three-year window before Vista has a major impact on anti-spyware," Pescatore said.
Microsoft is also making security moves outside the anti-spyware space. The Redmond, Wash., company is readying a consumer antivirus product called Windows Live OneCare and enterprise software called Microsoft Client Protection. "The Windows security aftermarket has become too large for Microsoft to ignore it," Jaquith said.
Top 10 Anti-spyware tools
Consumers and small businesses will get their anti-spyware protection mostly from Microsoft and may also opt for the company's antivirus product, analysts predicted. However, larger organizations will look to their trusted antivirus software makers, such as Symantec, McAfee and Trend Micro, for protection, they said.
But not everyone agrees that Vista can make spyware disappear or that its arrival spells the end of the anti-spyware industry. "I think all of these operating system enhancements are going to be helpful in the battle on spyware. I don't think there is a silver bullet, though," said David Moll, chief executive officer of Webroot, the largest standalone anti-spyware seller.
Vista will have an impact, but it won't shut the door on spyware, agreed Alex Eckelberry, president of Sunbelt Software, maker of the CounterSpy tools. There's a huge economic benefit for spyware creators and hackers to continue their practices, he said.
If Vista and Defender don't completely eliminate the threat, then there will always be a market for third party solutions, said Chris Swenson, an analyst at The NPD Group.
"I think Microsoft's new products look excellent, and they will significantly reduce the threat," Swenson said. "But...I'm more of a skeptic about their ability to prevent every single instance of spyware from infiltrating PCs."
The purveyors of spyware will respond to Windows Vista with more sophisticated attacks, Moll said--and that means people will have to be as vigilant in dealing with spyware in the Windows Vista world of the future as they are today.
"It is going to remove the low-hanging fruit. It is going to make it that much harder for dumb spyware to work," Gartner's Pescatore said. "What it will really do is start forcing the threats further up the food chain," he added. Attackers will have to get smarter in fooling the user--what's called social engineering.
Microsoft's Wilson predicts a rise in phishing attacks, which seek to dupe users into giving up personal information by using fraudulent e-mail messages and Web sites. "The profit motive is always there. They are looking for the easiest way they can trick people to getting things on their machines," he said. "We have seen a transition from spyware to phishing."
Harnessing the power of waves
Planting solar gardens
Fill your car for $1.10 a gallon?
